Lead Member of Technical Staff- Platform Security Engineer

Join us as we work to create a thriving ecosystem that delivers accessible, high-quality, and sustainable healthcare for all.

We're seeking a Platform Security Engineer to join our Security team and build the future of developer-centric security at athenahealth. You'll design and implement security platforms that integrate seamlessly into developer workflows, creating automation, frameworks, and self-service tooling that enable engineering teams to ship secure code faster. Your mission: eliminate security friction while strengthening our DevSecOps posture across the organization.

What we need for this role:

You are a platform security engineer who builds security solutions that integrate seamlessly into developer workflows. You identify friction points in the development process and create automation, frameworks, and self-service tooling that enable teams to ship secure code faster. With strong software engineering skills and security expertise, you design scalable platforms that balance security requirements with development usability. You have experience with API integration, CI/CD security, and translating complex security concepts. You measure success through adoption rates and reduced friction, and you communicate effectively across technical and business audiences to drive security outcomes without compromising productivity.

Responsibilities may include, but are not limited to:

Technical Responsibilities

. Design and build security capabilities that provide self-service features for developers, including security testing APIs, automated policy enforcement, and security-as-code solutions

. Develop seamless integrations between security tools and developer workflows, ensuring security checks are embedded in CI/CD pipelines, IDEs, pull request workflows, and deployment processes

. Champion security tools such as static code analysis, dynamic code analysis, scanning of sensitive information ensure teams know about tooling and use it during their daily coding activities

. Ability to debug complex problems, work through logs, and engage vendors where appropriate

. Willingness and ability to develop strong documentation for stakeholders and team members, including thoroughly commented code/scripts and accurate design specifications

. Automate integrations and notifications with systems such as internal bug tracking systems to ensure results are documented and shared with necessary stakeholders

. Ensure tooling is designed for high availability and redundancy.

. Act as an escalation point and participate in on-call rotations where required.

. Understand and follow coding conventions, architectures, and best practices

. Perform peer code reviews to ensure quality standards

Collaboration and Leadership

. Ownership of commitments, take responsibility for outcomes, and drive initiatives to completion

. Participate and contribute to scrum meetings i.e. daily stand-up, sprint planning, readouts and retrospectives

. Drive self-organization help determine how the team functions in collaboration with your peers

. Partner with Product to establish feedback mechanisms to understand pain points, gather requirements, and validate that security solutions are meeting their needs without creating bottlenecks

. Work collaboratively across the Technology and Product organizations to ensure alignment towards business goals

. Builds strong relationships with cross-functional team members

. Share business and technical learnings with the broader engineering and product organization, while adapting approach for different audiences

Education & Experience Required:

. 10-15 years of software engineering experience with a focus on security tooling, automation, or platform development

. Bachelor's degree in Computer Science, Engineering, or equivalent practical experience

. Information Security expertise including application security, secure development lifecycle, threat modeling, vulnerability management, and risk assessment

. Modern programming proficiency in languages such as Python, Java, Groovy, JavaScript, or similar (polyglot experience preferred)

Desired Qualifications:

. CI/CD and DevSecOps experience including pipeline security, container security (Docker/Kubernetes), and infrastructure as code (Terraform)

. Security tooling experience with SAST, DAST, SCA, CNAPP, or similar application security platforms

. Cloud architecture knowledge with AWS and/or Azure, including cloud-native security patterns

. Container management experience with Docker and Kubernetes

. Agile development experience working in cross-functional teams

. Authored production-quality code that is performant, scalable, maintainable, and well-documented